- July 25, 2008
- backend phpbb authentication
- -1 (after 3 ratings)
This class not only checks an old-style phpbb 2.x password, when the user successfully logs in, it rehashes the (correct) password in the newstyle hash and saves it. Eradicating the old, quite unsafe stored md5 password.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
from django.contrib.auth.models import User import hashlib class PhpbbAuthenticationBackend: def authenticate(self, username=None, password=None): try: # phpbb 2.x encodes passwords as plain md5 hashes, no salt pass_md5 = hashlib.md5(password).hexdigest() user = User.objects.get(username=username, password=pass_md5) # get rid of the old-style password, get with the new style! user.set_password(password) user.save() return user except User.DoesNotExist: return None